Senior Privacy Specialist Cyber Security and Privacy Operations

About The Position

Requirements

• Minimum Bachelor’s degree in Cybersecurity, Information Security, Law, Privacy, Healthcare or related field (or equivalent experience).
• 5+ years of experience in Privacy Operations.
• Direct interaction with regulators or auditors.
• Knowledge of data mapping, data governance, and privacy engineering.
• Handling data breach or privacy incidents.
• Strong understanding of Data protection regulations (HIPAA, GDPR, CCPA, etc.).
• Strong understanding of Privacy principles and data classification.
• Strong understanding of Incident response lifecycle (NIST/SANS framework familiarity).

Nice To Haves

• Experience building or leading a Privacy Incident Response function preferred.
• Experience in healthcare or other regulated industries.
• CIPP (US/E, or equivalent) certification.
• CIPM / CIPT certification.
• CISSP, CISM, or GIAC (GCIA, GCIH) certification.
• Certified Healthcare Compliance Professional (CHC) or Certified Healthcare Privacy Compliance (CHPC) certification.

Responsibilities

• Monitor and assess alerts, cases, and reports for potential privacy incidents (e.g., unauthorized access, data exfiltration, misdirected communications).
• Perform initial triage to classify incidents involving Personal Data (PII/PHI).
• Lead or support end-to-end investigation of privacy incidents.
• Analyze impacted data elements, systems, and individuals; determine root cause and scope of exposure.
• Document incident findings in accordance with legal and compliance requirements.
• Evaluate breach thresholds under regulations (HIPAA, GDPR, state breach laws).
• Coordinate with Legal on breach notification obligations.
• Support preparation of regulatory filings and communications to affected individuals.
• Participate in incident response war rooms and crisis management efforts.
• Ensure alignment between technical containment and privacy obligations.
• Maintain detailed incident records and case documentation.
• Track incident metrics (e.g., time to detect/respond, incident trends).
• Provide reporting to leadership, regulators, and audit teams.
• Enhance privacy incident response playbooks and workflows.
• Conduct tabletop exercises and training sessions.
• Contribute to privacy program maturity and continuous improvement initiatives.
• Participate in projects collaborating with stakeholders as needed.
• Monitor the Privacy Office inbox and provide timely guidance and responses to inquiries.
• Develop and deliver privacy training and awareness initiatives to promote a culture of data protection and compliance.
• Draft and review privacy policies and procedures to ensure alignment with applicable regulations and organizational standards.

Benefits

• medical, dental, and vision insurance
• a 401(k) with company match
• paid time off
• parental leave